Lucene search

2744 matches found

OSV
added 2021/08/25 8:52 p.m., 12 views

GHSA-FHVC-GP6C-H2WX Read on uninitialized buffer in postscript

Affected versions of this crate pass an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialized memory...

CVSS 7.5 | AI score 7.4 | EPSS 0.00291
Exploits: 1 | References: 5
Tenable Nessus
added 2021/07/21 12:0 a.m., 70 views

EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2021-2135)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library),...

CVSS 7.8 | AI score 8 | EPSS 0.0129
Exploits: 2 | References: 4
Zero Day Initiative
added 2021/07/15 12:0 a.m., 59 views

Adobe Illustrator PostScript File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 1.9 | EPSS 0.00614
Exploits: 0 | References: 1
Zero Day Initiative
added 2021/07/15 12:0 a.m., 49 views

Adobe Bridge PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

CVSS 3.3 | AI score 1.7 | EPSS 0.0079
Exploits: 0 | References: 1
Rosalinux
added 2021/07/02 4:39 p.m., 21 views

Advisory ROSA-SA-2021-1832

Software: exempi 2.2.0; OS: Cobalt 7.9; CVE-ID: CVE-2017-18235; CVE-Crit: MEDIUM; CVE-DESC: An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBPSupport.cpp does not guarantee non-zero width and height values, allowing remote attackers to cause...

CVSS 5.5 | AI score 7.5 | EPSS 0.00452
Exploits: 5
Veracode
added 2021/06/21 6:56 p.m., 27 views

Denial Of Service

ghostscript is vulnerable to denial of service. The vulnerability exists due to a memory corruption. An attacker is able to override file access controls by using non-standard PostScript that resulted in a size that was too large, and could underflow to max uint32_t...

CVSS 9.8 | AI score 3.1 | EPSS 0.217
Exploits: 0 | References: 12 | Affected Software: 1
OpenVAS
added 2021/06/09 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2018:3330-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 7 | EPSS 0.9181
Exploits: 5 | References: 11
OpenVAS
added 2021/06/09 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2019:2981-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.7 | EPSS 0.00503
Exploits: 0 | References: 2
OpenVAS
added 2021/06/07 12:0 a.m., 24 views

Fedora: Security Advisory for transfig (FEDORA-2021-b71f405f40)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.1 | AI score 7 | EPSS 0.00438
Exploits: 1 | References: 2
OSV
added 2021/06/02 4:15 p.m., 1 views

DEBIAN-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CVSS 7.5 | AI score 6.7 | EPSS 0.00286
Exploits: 0 | References: 1
ATTACKERKB
added 2021/06/02 4:15 p.m., 2 views

CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CVSS 7.5 | AI score 5.5 | EPSS 0.00286
Exploits: 0 | References: 7
RedHat Linux
added 2021/05/18 2:44 p.m., 4 views

ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51...

CVSS 5.5 | AI score 5.9 | EPSS 0.01771
Exploits: 1 | References: 4
RedHat Linux
added 2021/05/18 2:44 p.m., 3 views

ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51...

CVSS 5.5 | AI score 5.9 | EPSS 0.01771
Exploits: 1 | References: 4
OSV
added 2021/05/18 6:18 a.m., 25 views

RLSA-2021:1881 Moderate: poppler and evince security, bug fix, and enhancement update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device...

CVSS 7.5 | AI score 7.7 | EPSS 0.01116
Exploits: 1 | References: 4
OSV
added 2021/05/18 6:18 a.m., 32 views

ALSA-2021:1881 Moderate: poppler and evince security, bug fix, and enhancement update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device...

CVSS 7.5 | AI score 7.7 | EPSS 0.01116
Exploits: 1 | References: 1
Rockylinux
added 2021/05/18 6:14 a.m., 31 views

ghostscript security, bug fix, and enhancement update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF...

CVSS 7.8 | AI score 7.4 | EPSS 0.02807
Exploits: 26
Fedora
added 2021/05/10 1:6 a.m., 24 views

[SECURITY] Fedora 34 Update: autotrace-0.31.1-60.fc34

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

CVSS 7.8 | AI score 1.5 | EPSS 0.00371
Exploits: 0
OSV
added 2021/05/10 12:0 a.m., 0 views

UBUNTU-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CVSS 7.5 | AI score 5.8 | EPSS 0.00286
Exploits: 0 | References: 5
OpenVAS
added 2021/04/19 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2018:3095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.7 | EPSS 0.00413
Exploits: 4 | References: 13
CNNVD
added 2021/04/13 12:0 a.m., 1 views

Pillow Input Validation Error Vulnerability

Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions of Pillow prior to 8.2.0, which can be exploited by attackers with malicious EPS files to cause a denial of service...

CVSS 7.5 | AI score 5.6 | EPSS 0.00286
Exploits: 0 | References: 14